View Full Version : Malware - unable to remove
I seem to have malware that I have been unable to remove despite multiple scans with Spybot and MBAM. Any help you can give me would be very much appreciated. DDS logs and most recent MBAM log are pasted below. Thanks.
DDS Log file below:
DDS (Ver_10-03-17.01) - NTFSx86
Run by RXN14 at 14:35:39.20 on Sun 07/25/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.553 [GMT -4:00]
AV: Defense Center *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
svchost.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\eFax Messenger 4.4\J2GTray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\RXN14\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [eFax 4.4] "c:\program files\efax messenger 4.4\J2GDllCmd.exe" /R
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\rangan~1\startm~1\programs\startup\efax44~1.lnk - c:\program files\efax messenger 4.4\J2GTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\datavi~1.lnk - c:\windows\dvzcommon\DvzMsgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {301DA1EE-F65C-4188-A417-9E915CC8FBFA} - c:\program files\microsoft money\system\mnyviewer.dll
Trusted Zone: turbotax.com
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-IN/a-UNO1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://sdlc-esd.sun.com/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?AuthParam=1231595243_a89607c8f780acd149fd749b7f626f41&GroupName=JSC&FilePath=/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab&File=jinstall-6u11-windows-i586-jc.cab&BHost=javadl.sun.com
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
============= SERVICES / DRIVERS ===============
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-9 135664]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2008-10-27 7808]
S3 Radialpoint Security Services;Radialpoint Security Services;c:\windows\system32\dllhost.exe [2005-8-16 5120]
=============== Created Last 30 ================
2010-07-19 05:10:31 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-19 00:02:45 0 d-----w- c:\program files\common files\Motive
2010-07-16 01:31:34 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
==================== Find3M ====================
2010-05-05 13:30:57 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys
2009-01-31 22:05:27 104 --sh--r- c:\windows\system32\94DC51B365.sys
2009-01-31 22:05:29 6686 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-10-26 18:42:14 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102620081027\index.dat
2008-11-17 03:37:26 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008111620081117\index.dat
============= FINISH: 14:37:17.71 ===============
Attach Log file below:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/14/2006 8:59:19 PM
System Uptime: 7/25/2010 2:25:43 PM (0 hours ago)
Motherboard: Dell Inc. | | 0JC474
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/800mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 107 GiB total, 63.572 GiB free.
D: is FIXED (NTFS) - 37 GiB total, 37.165 GiB free.
E: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Officejet 6000 E609n
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet 6000 E609n
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
Class GUID: {4D36E979-E325-11CE-BFC1-08002BE10318}
Description: Officejet 6000 E609n
Device ID: ROOT\PRINTER\0000
Manufacturer: HP
Name: Officejet 6000 E609n
PNP Device ID: ROOT\PRINTER\0000
Service:
==== System Restore Points ===================
RP437: 4/23/2010 8:15:29 AM - System Checkpoint
RP438: 4/24/2010 8:15:40 AM - System Checkpoint
RP439: 4/25/2010 4:42:33 PM - System Checkpoint
RP440: 4/26/2010 5:55:28 PM - System Checkpoint
RP441: 4/27/2010 6:42:40 PM - System Checkpoint
RP442: 4/28/2010 8:32:32 PM - System Checkpoint
RP443: 4/30/2010 7:42:27 AM - System Checkpoint
RP444: 5/1/2010 11:31:53 AM - System Checkpoint
RP445: 5/2/2010 12:36:31 PM - Removed WinZip 14.0
RP446: 5/2/2010 12:39:46 PM - Installed WinZip 14.5
RP447: 5/3/2010 1:46:51 PM - System Checkpoint
RP448: 5/5/2010 3:53:05 PM - System Checkpoint
RP449: 5/6/2010 4:06:49 PM - System Checkpoint
RP450: 5/7/2010 4:54:54 PM - System Checkpoint
RP451: 5/8/2010 5:08:55 PM - System Checkpoint
RP452: 5/9/2010 6:21:32 PM - System Checkpoint
RP453: 5/11/2010 9:50:06 AM - System Checkpoint
RP454: 5/12/2010 2:52:55 PM - System Checkpoint
RP455: 5/12/2010 9:42:37 PM - Software Distribution Service 3.0
RP456: 5/15/2010 12:41:22 PM - System Checkpoint
RP457: 5/16/2010 12:57:55 PM - System Checkpoint
RP458: 5/18/2010 10:33:43 AM - System Checkpoint
RP459: 5/19/2010 4:50:36 PM - System Checkpoint
RP460: 5/20/2010 5:21:20 PM - System Checkpoint
RP461: 5/21/2010 8:55:47 PM - System Checkpoint
RP462: 5/22/2010 9:11:03 PM - System Checkpoint
RP463: 5/23/2010 5:19:22 PM - Installed eFax Messenger
RP464: 5/24/2010 6:12:06 PM - System Checkpoint
RP465: 5/25/2010 7:07:57 PM - System Checkpoint
RP466: 5/25/2010 10:53:46 PM - Software Distribution Service 3.0
RP467: 5/27/2010 8:10:49 PM - System Checkpoint
RP468: 5/28/2010 8:29:00 PM - System Checkpoint
RP469: 5/30/2010 8:37:16 AM - System Checkpoint
RP470: 5/31/2010 9:05:28 AM - System Checkpoint
RP471: 6/1/2010 9:16:46 AM - System Checkpoint
RP472: 6/2/2010 2:26:12 PM - System Checkpoint
RP473: 6/3/2010 2:29:00 PM - System Checkpoint
RP474: 6/4/2010 4:05:29 PM - System Checkpoint
RP475: 6/4/2010 10:40:00 PM - Software Distribution Service 3.0
RP476: 6/5/2010 11:26:08 PM - System Checkpoint
RP477: 6/6/2010 11:31:54 PM - System Checkpoint
RP478: 6/8/2010 4:08:53 PM - System Checkpoint
RP479: 6/9/2010 5:31:26 PM - System Checkpoint
RP480: 6/10/2010 11:15:05 PM - Software Distribution Service 3.0
RP481: 6/12/2010 1:20:19 PM - System Checkpoint
RP482: 6/13/2010 3:41:24 PM - System Checkpoint
RP483: 6/16/2010 10:00:32 AM - System Checkpoint
RP484: 6/18/2010 1:37:12 PM - System Checkpoint
RP485: 7/11/2010 9:50:36 PM - Software Distribution Service 3.0
RP486: 7/15/2010 9:58:29 PM - Software Distribution Service 3.0
RP487: 7/17/2010 4:24:39 PM - System Checkpoint
RP488: 7/18/2010 9:14:20 PM - System Checkpoint
RP489: 7/20/2010 7:25:27 PM - System Checkpoint
==== Installed Programs ======================
32 Bit HP CIO Components Installer
6000E609_eDocs
6000E609_Help
6000E609n
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.3
Adobe Shockwave Player 11.5
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Applet_App
Applet_Copy
Applet_Creativity
Applet_Email
Applet_Epp
Applet_File
Applet_OCR
Applet_Web
ArcSoft PhotoImpression 3.0
Authentium AntiVirus SDK - 2
Bonjour
BPDSoftware
BPDSoftware_Ini
BufferChm
Canon Camera Access Library
Canon Camera Support Core Library
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Citrix Presentation Server Client - Web Only
Compatibility Pack for the 2007 Office system
CompuChess 2004
Conexant D850 56K V.9x DFVc Modem
Copy Utility
Corel Paint Shop Pro X
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
DellSupport
DeviceDiscovery
Digital Content Portal
Digital Line Detect
Disney's ReadingQuest
Documents To Go
Dreamship Tales
eFax Messenger
ELIcon
EPSON Photo Print
EPSON Printer Software
EPSON Smart Panel
EPSON TWAIN 5
ERUNT 1.1j
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 12.0
HP Imaging Device Functions 12.0
HP Officejet 6000 E609 Series
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
HPProductAssistant
HPSSupply
Ink Monitor
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
iTunes
Java(TM) 6 Update 11
JumpStart Phonics
JumpStart Phonics Read and Rhyme
Learn2 Player (Uninstall Only)
LEGO My Style Preschool
Magic 3D Coloring Book Cool Critters
Malwarebytes' Anti-Malware
MarketResearch
MCU
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Mirar
MobileMe Control Panel
Modem Helper
Move Networks Media Player for Internet Explorer
MSN
MSVCSetup
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetWaiting
Network
Otto
Palm Desktop
Palm VersaMail(tm)
PPSDKRedistributables
ProductContext
QuickTime
Radialpoint Security Services
Reader Rabbit 1st Grade
Reader Rabbit Personalized Preschool
Reader Rabbit Reading Ages 4-6
Reader Rabbit Toddler
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
SA21xx Device Manager
Safari
Search Assist
Secunia PSI (RC4)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Shop for HP Supplies
Skype™ 3.8
SmartWebPrinting
SolutionCenter
Sonic Activation Module
Sonic Encoders
Sonic Update Manager
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
SpywareBlaster 4.1
Status
The ClueFinders Reading Adventures Ages 9-12
Toolbox
TrayApp
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
Verizon Broadband Toolbar (IE only)
Verizon Help and Support Tool
Verizon PC Security Checkup
Verizon Servicepoint 1.5.22
Vz In Home Agent
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB908250
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinZip 14.5
Yahoo! Toolbar
==== Event Viewer Messages From Past Week ========
7/18/2010 7:59:31 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
7/18/2010 6:43:19 PM, error: Print [19] - Sharing printer failed + 1722, Printer HP Officejet 6000 E609n Series share name Printer3.
7/18/2010 10:19:39 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
7/18/2010 10:19:39 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
==== End Of File ===========================
Most recent MBAM Log file:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4336
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
7/21/2010 7:25:35 PM
mbam-log-2010-07-21 (19-25-35).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 266997
Time elapsed: 57 minute(s), 33 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\24d1ca9a-a864-4f7b-86fe-495eb56529d8 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\7bde84a2-f58f-46ec-9eac-f1f90fead080 (Malware.Trace) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Hi,
Download GMER (http://www.gmer.net) here by clicking download exe -button and then saving it your desktop:
Double-click .exe that you downloaded
Click rootkit-tab, uncheck all but sections option and then click scan.
Don't check
Show All
box while scanning in progress!
When scanning is ready, click Copy.
This copies log to clipboard
Post log (if the log is long, archive it into a zip file and attach instead of posting) in your reply. Post a fresh dds.txt log too.
Here is the log file after running GMER:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-30 19:33:15
Windows 5.1.2600 Service Pack 3
Running: 2eis85zr.exe; Driver: C:\DOCUME~1\RANGAN~1\LOCALS~1\Temp\awrcraog.sys
---- Kernel code sections - GMER 1.0.15 ----
PAGE ntkrnlpa.exe!IoGetBootDiskInformation + 66F 8056BB79 7 Bytes JMP 867C3C74
PAGE ntkrnlpa.exe!NtSetInformationFile 805702F6 5 Bytes JMP 86B2C1F4
PAGE ntkrnlpa.exe!NtWriteFile 805722BA 7 Bytes JMP 86B2C01C
PAGE ntkrnlpa.exe!NtCreateSection 805A075C 7 Bytes JMP 86B2C324
PAGE ntkrnlpa.exe!ObCloseHandle + 17 805B1CB5 7 Bytes JMP 867C3B44
PAGE ntkrnlpa.exe!NtDuplicateObject 805B38CE 7 Bytes JMP 86AD5DBC
PAGE ntkrnlpa.exe!ZwSetSystemInformation 80605F20 5 Bytes JMP 867C3DA4
PAGE Fastfat.SYS 9D03D9C8 7 Bytes JMP 86AD5EEC
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Verizon\McciBrowser.exe[440] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E6000A
.text C:\Program Files\Verizon\McciBrowser.exe[440] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00E7000A
.text C:\Program Files\Verizon\McciBrowser.exe[440] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00E5000C
.text C:\WINDOWS\System32\svchost.exe[1080] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A2000A
.text C:\WINDOWS\System32\svchost.exe[1080] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A3000A
.text C:\WINDOWS\System32\svchost.exe[1080] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A1000C
.text C:\WINDOWS\System32\svchost.exe[1080] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0109000A
.text C:\WINDOWS\System32\svchost.exe[1080] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00FE000A
.text C:\WINDOWS\Explorer.EXE[1684] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C7000A
.text C:\WINDOWS\Explorer.EXE[1684] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00CD000A
.text C:\WINDOWS\Explorer.EXE[1684] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C6000C
.text C:\Program Files\Internet Explorer\iexplore.exe[1792] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B3000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1792] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00E5000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1792] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B2000C
.text C:\Program Files\Internet Explorer\iexplore.exe[1792] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1792] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1792] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1792] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1792] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1792] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1792] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1792] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1792] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1792] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1792] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1792] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1792] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1792] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Verizon\McciBrowser.exe[2608] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E6000A
.text C:\Program Files\Verizon\McciBrowser.exe[2608] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00E7000A
.text C:\Program Files\Verizon\McciBrowser.exe[2608] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00E5000C
.text C:\Program Files\Verizon\McciBrowser.exe[2708] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E6000A
.text C:\Program Files\Verizon\McciBrowser.exe[2708] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00E7000A
.text C:\Program Files\Verizon\McciBrowser.exe[2708] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00E5000C
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B3000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00E5000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B2000C
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3532] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B3000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3532] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00E5000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3532] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B2000C
.text C:\Program Files\Internet Explorer\iexplore.exe[3532] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3532] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3532] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3532] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3532] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3532] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3532] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3532] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3532] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3532] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3532] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3532] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3532] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3532] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
Here is the DDS log:
DDS (Ver_10-03-17.01) - NTFSx86
Run by Ranga Narayanan at 19:37:19.02 on Fri 07/30/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.344 [GMT -4:00]
AV: Defense Center *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\eFax Messenger 4.4\J2GTray.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Verizon\McciBrowser.exe
C:\Program Files\Verizon\McciBrowser.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Documents and Settings\Ranga Narayanan\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [eFax 4.4] "c:\program files\efax messenger 4.4\J2GDllCmd.exe" /R
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\rangan~1\startm~1\programs\startup\efax44~1.lnk - c:\program files\efax messenger 4.4\J2GTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\datavi~1.lnk - c:\windows\dvzcommon\DvzMsgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {301DA1EE-F65C-4188-A417-9E915CC8FBFA} - c:\program files\microsoft money\system\mnyviewer.dll
Trusted Zone: turbotax.com
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-IN/a-UNO1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://sdlc-esd.sun.com/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?AuthParam=1231595243_a89607c8f780acd149fd749b7f626f41&GroupName=JSC&FilePath=/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab&File=jinstall-6u11-windows-i586-jc.cab&BHost=javadl.sun.com
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
============= SERVICES / DRIVERS ===============
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-9 135664]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2008-10-27 7808]
S3 Radialpoint Security Services;Radialpoint Security Services;c:\windows\system32\dllhost.exe [2005-8-16 5120]
=============== Created Last 30 ================
2010-07-19 05:10:31 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-19 00:02:45 0 d-----w- c:\program files\common files\Motive
2010-07-16 01:31:34 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
==================== Find3M ====================
2010-05-05 13:30:57 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys
2009-01-31 22:05:27 104 --sh--r- c:\windows\system32\94DC51B365.sys
2009-01-31 22:05:29 6686 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-10-26 18:42:14 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102620081027\index.dat
2008-11-17 03:37:26 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008111620081117\index.dat
2010-05-01 14:54:51 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat
============= FINISH: 19:39:06.28 ===============
I don't know if you need this but here is the attach.txt file too:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/14/2006 8:59:19 PM
System Uptime: 7/30/2010 7:20:34 PM (0 hours ago)
Motherboard: Dell Inc. | | 0JC474
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2792/800mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 107 GiB total, 63.771 GiB free.
D: is FIXED (NTFS) - 37 GiB total, 37.165 GiB free.
E: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Officejet 6000 E609n
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet 6000 E609n
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
Class GUID: {4D36E979-E325-11CE-BFC1-08002BE10318}
Description: Officejet 6000 E609n
Device ID: ROOT\PRINTER\0000
Manufacturer: HP
Name: Officejet 6000 E609n
PNP Device ID: ROOT\PRINTER\0000
Service:
==== System Restore Points ===================
RP441: 4/27/2010 6:42:40 PM - System Checkpoint
RP442: 4/28/2010 8:32:32 PM - System Checkpoint
RP443: 4/30/2010 7:42:27 AM - System Checkpoint
RP444: 5/1/2010 11:31:53 AM - System Checkpoint
RP445: 5/2/2010 12:36:31 PM - Removed WinZip 14.0
RP446: 5/2/2010 12:39:46 PM - Installed WinZip 14.5
RP447: 5/3/2010 1:46:51 PM - System Checkpoint
RP448: 5/5/2010 3:53:05 PM - System Checkpoint
RP449: 5/6/2010 4:06:49 PM - System Checkpoint
RP450: 5/7/2010 4:54:54 PM - System Checkpoint
RP451: 5/8/2010 5:08:55 PM - System Checkpoint
RP452: 5/9/2010 6:21:32 PM - System Checkpoint
RP453: 5/11/2010 9:50:06 AM - System Checkpoint
RP454: 5/12/2010 2:52:55 PM - System Checkpoint
RP455: 5/12/2010 9:42:37 PM - Software Distribution Service 3.0
RP456: 5/15/2010 12:41:22 PM - System Checkpoint
RP457: 5/16/2010 12:57:55 PM - System Checkpoint
RP458: 5/18/2010 10:33:43 AM - System Checkpoint
RP459: 5/19/2010 4:50:36 PM - System Checkpoint
RP460: 5/20/2010 5:21:20 PM - System Checkpoint
RP461: 5/21/2010 8:55:47 PM - System Checkpoint
RP462: 5/22/2010 9:11:03 PM - System Checkpoint
RP463: 5/23/2010 5:19:22 PM - Installed eFax Messenger
RP464: 5/24/2010 6:12:06 PM - System Checkpoint
RP465: 5/25/2010 7:07:57 PM - System Checkpoint
RP466: 5/25/2010 10:53:46 PM - Software Distribution Service 3.0
RP467: 5/27/2010 8:10:49 PM - System Checkpoint
RP468: 5/28/2010 8:29:00 PM - System Checkpoint
RP469: 5/30/2010 8:37:16 AM - System Checkpoint
RP470: 5/31/2010 9:05:28 AM - System Checkpoint
RP471: 6/1/2010 9:16:46 AM - System Checkpoint
RP472: 6/2/2010 2:26:12 PM - System Checkpoint
RP473: 6/3/2010 2:29:00 PM - System Checkpoint
RP474: 6/4/2010 4:05:29 PM - System Checkpoint
RP475: 6/4/2010 10:40:00 PM - Software Distribution Service 3.0
RP476: 6/5/2010 11:26:08 PM - System Checkpoint
RP477: 6/6/2010 11:31:54 PM - System Checkpoint
RP478: 6/8/2010 4:08:53 PM - System Checkpoint
RP479: 6/9/2010 5:31:26 PM - System Checkpoint
RP480: 6/10/2010 11:15:05 PM - Software Distribution Service 3.0
RP481: 6/12/2010 1:20:19 PM - System Checkpoint
RP482: 6/13/2010 3:41:24 PM - System Checkpoint
RP483: 6/16/2010 10:00:32 AM - System Checkpoint
RP484: 6/18/2010 1:37:12 PM - System Checkpoint
RP485: 7/11/2010 9:50:36 PM - Software Distribution Service 3.0
RP486: 7/15/2010 9:58:29 PM - Software Distribution Service 3.0
RP487: 7/17/2010 4:24:39 PM - System Checkpoint
RP488: 7/18/2010 9:14:20 PM - System Checkpoint
RP489: 7/20/2010 7:25:27 PM - System Checkpoint
RP490: 7/25/2010 3:32:20 PM - System Checkpoint
==== Installed Programs ======================
32 Bit HP CIO Components Installer
6000E609_eDocs
6000E609_Help
6000E609n
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.3
Adobe Shockwave Player 11.5
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Applet_App
Applet_Copy
Applet_Creativity
Applet_Email
Applet_Epp
Applet_File
Applet_OCR
Applet_Web
ArcSoft PhotoImpression 3.0
Authentium AntiVirus SDK - 2
Bonjour
BPDSoftware
BPDSoftware_Ini
BufferChm
Canon Camera Access Library
Canon Camera Support Core Library
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Citrix Presentation Server Client - Web Only
Compatibility Pack for the 2007 Office system
CompuChess 2004
Conexant D850 56K V.9x DFVc Modem
Copy Utility
Corel Paint Shop Pro X
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
DellSupport
DeviceDiscovery
Digital Content Portal
Digital Line Detect
Disney's ReadingQuest
Documents To Go
Dreamship Tales
eFax Messenger
ELIcon
EPSON Photo Print
EPSON Printer Software
EPSON Smart Panel
EPSON TWAIN 5
ERUNT 1.1j
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 12.0
HP Imaging Device Functions 12.0
HP Officejet 6000 E609 Series
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
HPProductAssistant
HPSSupply
Ink Monitor
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
iTunes
Java(TM) 6 Update 11
JumpStart Phonics
JumpStart Phonics Read and Rhyme
Learn2 Player (Uninstall Only)
LEGO My Style Preschool
Magic 3D Coloring Book Cool Critters
Malwarebytes' Anti-Malware
MarketResearch
MCU
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Mirar
MobileMe Control Panel
Modem Helper
Move Networks Media Player for Internet Explorer
MSN
MSVCSetup
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetWaiting
Network
Otto
Palm Desktop
Palm VersaMail(tm)
PPSDKRedistributables
ProductContext
QuickTime
Radialpoint Security Services
Reader Rabbit 1st Grade
Reader Rabbit Personalized Preschool
Reader Rabbit Reading Ages 4-6
Reader Rabbit Toddler
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
SA21xx Device Manager
Safari
Search Assist
Secunia PSI (RC4)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Shop for HP Supplies
Skype™ 3.8
SmartWebPrinting
SolutionCenter
Sonic Activation Module
Sonic Encoders
Sonic Update Manager
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
SpywareBlaster 4.1
Status
The ClueFinders Reading Adventures Ages 9-12
Toolbox
TrayApp
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
Verizon Broadband Toolbar (IE only)
Verizon Help and Support Tool
Verizon PC Security Checkup
Verizon Servicepoint 1.5.22
Vz In Home Agent
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB908250
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinZip 14.5
Yahoo! Toolbar
==== Event Viewer Messages From Past Week ========
7/25/2010 2:16:06 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
7/25/2010 2:16:06 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
==== End Of File ===========================
Hi,
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully first.
Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New dds log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
Unfortunately, I appear to have made my situation worse and your job harder - my apologies.
In trying to follow instructions faithfully prior downloading ComboFix, I disabled my Windows firewall and mistook a warning to block a virus as coming from Windows. In the process, I have now got a malware infection called AntiVir Solution Pro, which is preventing me from getting to any website on IE. Therefore, I am unable to download and run ComboFix. Please advise what I should do. Should I try to clean this new malware with the MBAM or Spybot already residing on my computer - not sure if it will work and didn't try because I wanted to make sure to check with you first (I feel foolish enough already).
Thanks in advance for your help.
I forgot to mention that a few hours before I made the mistake described in my earlier post, I received the following message from 16-bit MS-DOS Subsystem while I was checking my e-mail on Yahoo:
C:\Program Files\Java\jre6\bin\java.exe
The NTVDM CPU has encountered an illegal instruction
CS:057a IP:fff7 OP:ff fa ff fc ff
I was given the option to Close (to terminate the application) or Ignore and I chose Close.
About 5 minutes later my computer froze and I needed to re-boot. Didn't notice any problem upon re-boot. Don't know if this has anything to do with my infection but just wanted you to know.
Hi,
If MBAM doesn't run (test that option first) then you have to download ComboFix via other system and then transfer to affected system.
Hi,
I was able to remove the AntiVir malware with MBAM. I then downloaded and ran ComboFix as you had originally suggested. The ComboFix log and DDS logs are pasted below. While I don't see the "Defense Center outdated" bubble on my system tray any more, I did have IE opening a new tab automatically and going to some fake antivirus site once after running ComboFix. Even before I ran ComboFix, this would happen relatively infrequently. So I guess my computer is not yet completely clean.
Here is the ComboFix log:
ComboFix 10-07-31.04 - Ranga Narayanan 08/01/2010 15:26:41.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.689 [GMT -4:00]
Running from: c:\documents and settings\Ranga Narayanan\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Ranga Narayanan\Local Settings\Temporary Internet Files\GM0kH41.jpg
c:\documents and settings\Ranga Narayanan\Local Settings\Temporary Internet Files\p7xuaRSig.jpg
c:\documents and settings\Ranga Narayanan\Local Settings\Temporary Internet Files\pWNR0.jpg
c:\documents and settings\Ranga Narayanan\Local Settings\Temporary Internet Files\q6C2W3.jpg
.
((((((((((((((((((((((((( Files Created from 2010-07-01 to 2010-08-01 )))))))))))))))))))))))))))))))
.
2010-07-31 14:53 . 2010-08-01 18:58 -------- d-----w- c:\documents and settings\Ranga Narayanan\Local Settings\Application Data\xirgimrqv
2010-07-25 18:32 . 2010-07-25 18:33 -------- d-----w- c:\program files\ERUNT
2010-07-21 00:09 . 2010-07-21 01:54 -------- d-----w- c:\documents and settings\NetworkService\Application Data\8tfujmvf
2010-07-21 00:09 . 2010-07-21 02:44 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-19 05:10 . 2010-08-01 19:17 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-19 00:02 . 2010-07-19 00:02 -------- d-----w- c:\program files\Common Files\Motive
2010-07-18 21:24 . 2010-07-18 21:24 -------- d-----w- c:\documents and settings\Revathi Subramony\Application Data\Malwarebytes
2010-07-18 20:09 . 2010-07-18 21:23 -------- d-----w- c:\documents and settings\Ranga Narayanan\Local Settings\Application Data\bsbmafnri
2010-07-16 01:31 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-01 19:10 . 2010-02-06 00:07 -------- d-----w- c:\documents and settings\Ranga Narayanan\Application Data\HPAppData
2010-08-01 18:10 . 2010-02-09 15:18 -------- d-----w- c:\documents and settings\Revathi Subramony\Application Data\HPAppData
2010-07-30 23:28 . 2010-05-03 01:01 -------- d-----w- c:\documents and settings\Ranga Narayanan\Application Data\HpUpdate
2010-07-21 02:13 . 2008-11-17 02:09 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-21 00:09 . 2010-07-21 00:09 0 ----a-w- c:\documents and settings\NetworkService\Application Data\dsktop.dat
2010-07-19 00:09 . 2008-11-17 02:08 -------- d-----w- c:\program files\SpywareBlaster
2010-06-14 14:31 . 2005-08-16 09:40 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-06 16:22 . 2008-11-15 01:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-05 09:22 . 2008-08-15 01:04 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-23 21:19 . 2010-05-23 21:19 4710 ----a-r- c:\documents and settings\Ranga Narayanan\Application Data\Microsoft\Installer\{DF6DA606-904D-4C18-823F-A4CFC3035E53}\ext.exe
2010-05-06 10:41 . 2005-08-16 09:18 916480 ----a-w- c:\windows\system32\wininet.dll
2009-01-31 22:05 . 2006-07-04 15:55 104 --sh--r- c:\windows\system32\94DC51B365.sys
2009-01-31 22:05 . 2006-07-04 15:55 6686 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 68856]
"eFax 4.4"="c:\program files\eFax Messenger 4.4\J2GDllCmd.exe" [2008-10-07 95744]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-24 142120]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
c:\documents and settings\Revathi Subramony\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\my documents\HOTSYNC.EXE [2003-9-25 299008]
c:\documents and settings\Ranga Narayanan\Start Menu\Programs\Startup\
eFax 4.4.lnk - c:\program files\eFax Messenger 4.4\J2GTray.exe [2008-10-7 656896]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
DataViz Messenger.lnk - c:\windows\DvzCommon\DvzMsgr.exe [2003-7-1 24576]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-6-14 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0stera
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check 2.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk
backup=c:\windows\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Ranga Narayanan^Start Menu^Programs^Startup^Secunia PSI (RC4).lnk]
path=c:\documents and settings\Ranga Narayanan\Start Menu\Programs\Startup\Secunia PSI (RC4).lnk
backup=c:\windows\pss\Secunia PSI (RC4).lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 08:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2006-06-14 17:11 169472 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ink Monitor]
2001-10-16 18:10 258118 ------w- c:\program files\EPSON\Ink Monitor\InkMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
2001-07-25 14:00 241714 ----a-w- c:\program files\Microsoft Money\System\Activation.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-06-30 02:17 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\My Documents\\HOTSYNC.EXE"=
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/9/2010 10:24 PM 135664]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [10/27/2008 4:04 AM 7808]
S3 Radialpoint Security Services;Radialpoint Security Services;c:\windows\system32\dllhost.exe [8/16/2005 5:18 AM 5120]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2010-06-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
2010-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 02:24]
2010-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5643
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: turbotax.com
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-bvoxqmgn - c:\documents and settings\Ranga Narayanan\Local Settings\Application Data\xirgimrqv\hemtfxdtssd.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-CTFMON - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-01 15:42
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x86ECBEC5]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7742f28
\Driver\ACPI -> ACPI.sys @ 0xf7555cb8
\Driver\atapi -> atapi.sys @ 0xf74cf852
IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x80577c76
\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x80577c76
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(636)
c:\windows\system32\WININET.dll
- - - - - - - > 'lsass.exe'(696)
c:\windows\system32\WININET.dll
.
Completion time: 2010-08-01 15:47:40
ComboFix-quarantined-files.txt 2010-08-01 19:47
ComboFix2.txt 2008-11-15 01:14
Pre-Run: 70,075,715,584 bytes free
Post-Run: 71,140,806,656 bytes free
- - End Of File - - 54FF1560CAFE0E2553EC79C9B538FDFA
Here are the DDS logs:
DDS (Ver_10-03-17.01) - NTFSx86
Run by Ranga Narayanan at 18:47:40.00 on Sun 08/01/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.591 [GMT -4:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\eFax Messenger 4.4\J2GTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Ranga Narayanan\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [eFax 4.4] "c:\program files\efax messenger 4.4\J2GDllCmd.exe" /R
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\rangan~1\startm~1\programs\startup\efax44~1.lnk - c:\program files\efax messenger 4.4\J2GTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\datavi~1.lnk - c:\windows\dvzcommon\DvzMsgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {301DA1EE-F65C-4188-A417-9E915CC8FBFA} - c:\program files\microsoft money\system\mnyviewer.dll
Trusted Zone: turbotax.com
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-IN/a-UNO1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://sdlc-esd.sun.com/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?AuthParam=1231595243_a89607c8f780acd149fd749b7f626f41&GroupName=JSC&FilePath=/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab&File=jinstall-6u11-windows-i586-jc.cab&BHost=javadl.sun.com
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
============= SERVICES / DRIVERS ===============
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-9 135664]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2008-10-27 7808]
S3 Radialpoint Security Services;Radialpoint Security Services;c:\windows\system32\dllhost.exe [2005-8-16 5120]
=============== Created Last 30 ================
2010-08-01 19:14:07 98816 ----a-w- c:\windows\sed.exe
2010-08-01 19:14:07 77312 ----a-w- c:\windows\MBR.exe
2010-08-01 19:14:07 256512 ----a-w- c:\windows\PEV.exe
2010-08-01 19:14:07 161792 ----a-w- c:\windows\SWREG.exe
2010-07-19 05:10:31 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-19 00:02:45 0 d-----w- c:\program files\common files\Motive
2010-07-16 01:31:34 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
==================== Find3M ====================
2010-05-05 13:30:57 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-01-31 22:05:27 104 --sh--r- c:\windows\system32\94DC51B365.sys
2009-01-31 22:05:29 6686 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-10-26 18:42:14 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102620081027\index.dat
2008-11-17 03:37:26 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008111620081117\index.dat
2010-05-01 14:54:51 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat
============= FINISH: 18:49:15.79 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/14/2006 8:59:19 PM
System Uptime: 8/1/2010 5:32:31 PM (1 hours ago)
Motherboard: Dell Inc. | | 0JC474
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/800mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 107 GiB total, 66.424 GiB free.
D: is FIXED (NTFS) - 37 GiB total, 37.165 GiB free.
E: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Officejet 6000 E609n
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet 6000 E609n
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
Class GUID: {4D36E979-E325-11CE-BFC1-08002BE10318}
Description: Officejet 6000 E609n
Device ID: ROOT\PRINTER\0000
Manufacturer: HP
Name: Officejet 6000 E609n
PNP Device ID: ROOT\PRINTER\0000
Service:
==== System Restore Points ===================
RP448: 5/5/2010 3:53:05 PM - System Checkpoint
RP449: 5/6/2010 4:06:49 PM - System Checkpoint
RP450: 5/7/2010 4:54:54 PM - System Checkpoint
RP451: 5/8/2010 5:08:55 PM - System Checkpoint
RP452: 5/9/2010 6:21:32 PM - System Checkpoint
RP453: 5/11/2010 9:50:06 AM - System Checkpoint
RP454: 5/12/2010 2:52:55 PM - System Checkpoint
RP455: 5/12/2010 9:42:37 PM - Software Distribution Service 3.0
RP456: 5/15/2010 12:41:22 PM - System Checkpoint
RP457: 5/16/2010 12:57:55 PM - System Checkpoint
RP458: 5/18/2010 10:33:43 AM - System Checkpoint
RP459: 5/19/2010 4:50:36 PM - System Checkpoint
RP460: 5/20/2010 5:21:20 PM - System Checkpoint
RP461: 5/21/2010 8:55:47 PM - System Checkpoint
RP462: 5/22/2010 9:11:03 PM - System Checkpoint
RP463: 5/23/2010 5:19:22 PM - Installed eFax Messenger
RP464: 5/24/2010 6:12:06 PM - System Checkpoint
RP465: 5/25/2010 7:07:57 PM - System Checkpoint
RP466: 5/25/2010 10:53:46 PM - Software Distribution Service 3.0
RP467: 5/27/2010 8:10:49 PM - System Checkpoint
RP468: 5/28/2010 8:29:00 PM - System Checkpoint
RP469: 5/30/2010 8:37:16 AM - System Checkpoint
RP470: 5/31/2010 9:05:28 AM - System Checkpoint
RP471: 6/1/2010 9:16:46 AM - System Checkpoint
RP472: 6/2/2010 2:26:12 PM - System Checkpoint
RP473: 6/3/2010 2:29:00 PM - System Checkpoint
RP474: 6/4/2010 4:05:29 PM - System Checkpoint
RP475: 6/4/2010 10:40:00 PM - Software Distribution Service 3.0
RP476: 6/5/2010 11:26:08 PM - System Checkpoint
RP477: 6/6/2010 11:31:54 PM - System Checkpoint
RP478: 6/8/2010 4:08:53 PM - System Checkpoint
RP479: 6/9/2010 5:31:26 PM - System Checkpoint
RP480: 6/10/2010 11:15:05 PM - Software Distribution Service 3.0
RP481: 6/12/2010 1:20:19 PM - System Checkpoint
RP482: 6/13/2010 3:41:24 PM - System Checkpoint
RP483: 6/16/2010 10:00:32 AM - System Checkpoint
RP484: 6/18/2010 1:37:12 PM - System Checkpoint
RP485: 7/11/2010 9:50:36 PM - Software Distribution Service 3.0
RP486: 7/15/2010 9:58:29 PM - Software Distribution Service 3.0
RP487: 7/17/2010 4:24:39 PM - System Checkpoint
RP488: 7/18/2010 9:14:20 PM - System Checkpoint
RP489: 7/20/2010 7:25:27 PM - System Checkpoint
RP490: 7/25/2010 3:32:20 PM - System Checkpoint
RP491: 7/31/2010 7:53:45 AM - System Checkpoint
RP492: 8/1/2010 5:52:05 PM - System Checkpoint
==== Installed Programs ======================
32 Bit HP CIO Components Installer
6000E609_eDocs
6000E609_Help
6000E609n
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.3
Adobe Shockwave Player 11.5
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Applet_App
Applet_Copy
Applet_Creativity
Applet_Email
Applet_Epp
Applet_File
Applet_OCR
Applet_Web
ArcSoft PhotoImpression 3.0
Authentium AntiVirus SDK - 2
Bonjour
BPDSoftware
BPDSoftware_Ini
BufferChm
Canon Camera Access Library
Canon Camera Support Core Library
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Citrix Presentation Server Client - Web Only
Compatibility Pack for the 2007 Office system
CompuChess 2004
Conexant D850 56K V.9x DFVc Modem
Copy Utility
Corel Paint Shop Pro X
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
DellSupport
DeviceDiscovery
Digital Content Portal
Digital Line Detect
Disney's ReadingQuest
Documents To Go
Dreamship Tales
eFax Messenger
ELIcon
EPSON Photo Print
EPSON Printer Software
EPSON Smart Panel
EPSON TWAIN 5
ERUNT 1.1j
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 12.0
HP Imaging Device Functions 12.0
HP Officejet 6000 E609 Series
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
HPProductAssistant
HPSSupply
Ink Monitor
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
iTunes
Java(TM) 6 Update 11
JumpStart Phonics
JumpStart Phonics Read and Rhyme
Learn2 Player (Uninstall Only)
LEGO My Style Preschool
Magic 3D Coloring Book Cool Critters
Malwarebytes' Anti-Malware
MarketResearch
MCU
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Mirar
MobileMe Control Panel
Modem Helper
Move Networks Media Player for Internet Explorer
MSN
MSVCSetup
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetWaiting
Network
Otto
Palm Desktop
Palm VersaMail(tm)
PPSDKRedistributables
ProductContext
QuickTime
Radialpoint Security Services
Reader Rabbit 1st Grade
Reader Rabbit Personalized Preschool
Reader Rabbit Reading Ages 4-6
Reader Rabbit Toddler
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
SA21xx Device Manager
Safari
Search Assist
Secunia PSI (RC4)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Shop for HP Supplies
Skype™ 3.8
SmartWebPrinting
SolutionCenter
Sonic Activation Module
Sonic Encoders
Sonic Update Manager
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
SpywareBlaster 4.1
Status
The ClueFinders Reading Adventures Ages 9-12
Toolbox
TrayApp
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
Verizon Broadband Toolbar (IE only)
Verizon Help and Support Tool
Verizon PC Security Checkup
Verizon Servicepoint 1.5.22
Vz In Home Agent
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB908250
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinZip 14.5
Yahoo! Toolbar
==== Event Viewer Messages From Past Week ========
8/1/2010 2:59:33 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
7/30/2010 7:21:29 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
7/25/2010 2:26:42 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
==== End Of File ===========================
Hi,
1. Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and extract its contents into a folder in desired location (i.e. c:\tdsskiller).
2. Execute the file TDSSKiller.exe.
3. Click Start Scan. If threats are found, select cure and click Continue (tool may prompt for a reboot).
4. Post back contents of log file in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format)
Hi:
Here is the log file after running TDSSKiller. Please advise on next steps. Thanks a lot.
2010/08/02 20:35:10.0461 TDSS rootkit removing tool 2.4.0.0 Jul 22 2010 16:09:49
2010/08/02 20:35:10.0461 ================================================================================
2010/08/02 20:35:10.0461 SystemInfo:
2010/08/02 20:35:10.0461
2010/08/02 20:35:10.0461 OS Version: 5.1.2600 ServicePack: 3.0
2010/08/02 20:35:10.0461 Product type: Workstation
2010/08/02 20:35:10.0461 ComputerName: STUDYCOMPUTER
2010/08/02 20:35:10.0477 UserName: Ranga Narayanan
2010/08/02 20:35:10.0477 Windows directory: C:\WINDOWS
2010/08/02 20:35:10.0477 System windows directory: C:\WINDOWS
2010/08/02 20:35:10.0477 Processor architecture: Intel x86
2010/08/02 20:35:10.0477 Number of processors: 1
2010/08/02 20:35:10.0477 Page size: 0x1000
2010/08/02 20:35:10.0477 Boot type: Normal boot
2010/08/02 20:35:10.0477 ================================================================================
2010/08/02 20:35:11.0008 Initialize success
2010/08/02 20:35:15.0025 ================================================================================
2010/08/02 20:35:15.0025 Scan started
2010/08/02 20:35:15.0025 Mode: Manual;
2010/08/02 20:35:15.0025 ================================================================================
2010/08/02 20:35:16.0416 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/08/02 20:35:16.0509 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/08/02 20:35:16.0541 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/08/02 20:35:16.0603 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/08/02 20:35:16.0634 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/08/02 20:35:16.0697 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/08/02 20:35:16.0728 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/08/02 20:35:16.0744 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/08/02 20:35:16.0775 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/08/02 20:35:16.0791 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/08/02 20:35:16.0806 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/08/02 20:35:16.0838 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/08/02 20:35:16.0853 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/08/02 20:35:16.0885 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/08/02 20:35:16.0900 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/08/02 20:35:16.0916 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/08/02 20:35:16.0916 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/08/02 20:35:16.0947 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/08/02 20:35:16.0978 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/08/02 20:35:17.0041 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/08/02 20:35:17.0088 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/08/02 20:35:17.0119 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/08/02 20:35:17.0135 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/08/02 20:35:17.0228 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/08/02 20:35:17.0244 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/08/02 20:35:17.0291 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/08/02 20:35:17.0353 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/08/02 20:35:17.0369 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/08/02 20:35:17.0400 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/08/02 20:35:17.0432 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/08/02 20:35:17.0463 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/08/02 20:35:17.0510 CO_Mon (5ea373ab51dfa82c1324d4e9e2bfb410) C:\WINDOWS\system32\Drivers\CO_Mon.sys
2010/08/02 20:35:17.0541 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/08/02 20:35:17.0588 CSS DVP (d7cde6905f84b438ed3de5997c9b2cfa) C:\WINDOWS\system32\DRIVERS\css-dvp.sys
2010/08/02 20:35:17.0666 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/08/02 20:35:17.0682 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/08/02 20:35:17.0744 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/08/02 20:35:17.0791 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2010/08/02 20:35:17.0822 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2010/08/02 20:35:17.0853 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
2010/08/02 20:35:17.0869 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2010/08/02 20:35:17.0885 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2010/08/02 20:35:17.0900 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2010/08/02 20:35:17.0932 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
2010/08/02 20:35:17.0979 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2010/08/02 20:35:18.0010 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2010/08/02 20:35:18.0088 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/08/02 20:35:18.0197 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/08/02 20:35:18.0229 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/08/02 20:35:18.0260 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/08/02 20:35:18.0307 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/08/02 20:35:18.0322 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/08/02 20:35:18.0369 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2010/08/02 20:35:18.0416 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2010/08/02 20:35:18.0479 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2010/08/02 20:35:18.0510 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
2010/08/02 20:35:18.0541 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/08/02 20:35:18.0572 Eplpdx02 (f9472131367d39435d750f5fa3d23582) C:\WINDOWS\system32\Drivers\EPLPDX02.SYS
2010/08/02 20:35:18.0619 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/08/02 20:35:18.0666 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/08/02 20:35:18.0713 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/08/02 20:35:18.0760 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/08/02 20:35:18.0822 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/08/02 20:35:18.0854 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/08/02 20:35:18.0901 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/08/02 20:35:18.0947 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/08/02 20:35:18.0947 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/08/02 20:35:19.0010 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/08/02 20:35:19.0041 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/08/02 20:35:19.0072 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/08/02 20:35:19.0104 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/08/02 20:35:19.0135 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/08/02 20:35:19.0182 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/08/02 20:35:19.0213 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2010/08/02 20:35:19.0276 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2010/08/02 20:35:19.0385 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/08/02 20:35:19.0416 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/08/02 20:35:19.0448 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/08/02 20:35:19.0463 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/08/02 20:35:19.0510 ialm (5a8e05f1d5c36abd58cffa111eb325ea) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2010/08/02 20:35:19.0588 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/08/02 20:35:19.0619 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/08/02 20:35:19.0651 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/08/02 20:35:19.0713 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/08/02 20:35:19.0729 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/08/02 20:35:19.0776 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/08/02 20:35:19.0807 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/08/02 20:35:19.0838 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/08/02 20:35:19.0901 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/08/02 20:35:19.0948 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/08/02 20:35:20.0010 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/08/02 20:35:20.0073 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/08/02 20:35:20.0166 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/08/02 20:35:20.0213 klmd24 (6485ad0a17a0d6286b4d44c652adabb2) C:\WINDOWS\system32\drivers\klmd.sys
2010/08/02 20:35:20.0260 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/08/02 20:35:20.0291 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/08/02 20:35:20.0338 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/08/02 20:35:20.0370 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2010/08/02 20:35:20.0401 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/08/02 20:35:20.0417 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/08/02 20:35:20.0448 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2010/08/02 20:35:20.0495 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/08/02 20:35:20.0526 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/08/02 20:35:20.0542 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/08/02 20:35:20.0573 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/08/02 20:35:20.0682 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/08/02 20:35:20.0792 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/08/02 20:35:20.0885 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/08/02 20:35:20.0901 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/08/02 20:35:20.0917 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/08/02 20:35:20.0948 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/08/02 20:35:20.0964 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/08/02 20:35:20.0995 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/08/02 20:35:21.0026 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/08/02 20:35:21.0057 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/08/02 20:35:21.0073 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/08/02 20:35:21.0104 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/08/02 20:35:21.0135 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/08/02 20:35:21.0151 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/08/02 20:35:21.0167 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/08/02 20:35:21.0198 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/08/02 20:35:21.0229 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/08/02 20:35:21.0292 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/08/02 20:35:21.0339 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/08/02 20:35:21.0417 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/08/02 20:35:21.0448 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/08/02 20:35:21.0526 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/08/02 20:35:21.0636 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/08/02 20:35:21.0667 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/08/02 20:35:21.0714 PalmUSBD (803cf09c795290825607505d37819135) C:\WINDOWS\system32\drivers\PalmUSBD.sys
2010/08/02 20:35:21.0776 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/08/02 20:35:21.0807 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/08/02 20:35:21.0839 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/08/02 20:35:21.0870 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/08/02 20:35:21.0932 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/08/02 20:35:21.0964 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/08/02 20:35:22.0057 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/08/02 20:35:22.0073 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/08/02 20:35:22.0104 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/08/02 20:35:22.0120 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/08/02 20:35:22.0198 PSI (fb078d23ad7fce5db2777c55e6d1db21) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
2010/08/02 20:35:22.0245 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/08/02 20:35:22.0276 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/08/02 20:35:22.0308 QCDonner (fddd1aeb9f81ef1e6e48ae1edc2a97d6) C:\WINDOWS\system32\DRIVERS\OVCD.sys
2010/08/02 20:35:22.0339 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/08/02 20:35:22.0354 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/08/02 20:35:22.0370 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/08/02 20:35:22.0386 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/08/02 20:35:22.0401 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/08/02 20:35:22.0433 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/08/02 20:35:22.0464 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/08/02 20:35:22.0479 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/08/02 20:35:22.0511 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/08/02 20:35:22.0573 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/08/02 20:35:22.0604 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/08/02 20:35:22.0636 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/08/02 20:35:22.0683 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/08/02 20:35:22.0745 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/08/02 20:35:22.0792 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/08/02 20:35:22.0855 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/08/02 20:35:22.0901 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/08/02 20:35:22.0980 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/08/02 20:35:23.0026 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/08/02 20:35:23.0042 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/08/02 20:35:23.0089 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/08/02 20:35:23.0120 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/08/02 20:35:23.0167 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/08/02 20:35:23.0245 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/08/02 20:35:23.0308 STHDA (2a2dc39623adef8ab3703ab9fac4b440) C:\WINDOWS\system32\drivers\sthda.sys
2010/08/02 20:35:23.0386 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/08/02 20:35:23.0417 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/08/02 20:35:23.0433 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/08/02 20:35:23.0464 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/08/02 20:35:23.0480 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/08/02 20:35:23.0511 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/08/02 20:35:23.0527 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/08/02 20:35:23.0558 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/08/02 20:35:23.0683 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/08/02 20:35:23.0730 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/08/02 20:35:23.0761 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/08/02 20:35:23.0808 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/08/02 20:35:23.0855 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/08/02 20:35:23.0902 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/08/02 20:35:23.0917 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/08/02 20:35:23.0949 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/08/02 20:35:24.0042 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/08/02 20:35:24.0074 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/08/02 20:35:24.0089 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/08/02 20:35:24.0120 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/08/02 20:35:24.0167 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/08/02 20:35:24.0261 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/08/02 20:35:24.0308 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/08/02 20:35:24.0339 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/08/02 20:35:24.0355 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/08/02 20:35:24.0370 viaagp (5f2f91145249e04e9151d8d45e63251a) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/08/02 20:35:24.0370 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\viaagp.sys. Real md5: 5f2f91145249e04e9151d8d45e63251a, Fake md5: 754292ce5848b3738281b4f3607eaef4
2010/08/02 20:35:24.0370 viaagp - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/08/02 20:35:24.0402 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/08/02 20:35:24.0417 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/08/02 20:35:24.0449 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/08/02 20:35:24.0480 wceusbsh (4c0b8ef721783f52f8e531fbdc4b1f74) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
2010/08/02 20:35:24.0527 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/08/02 20:35:24.0574 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/08/02 20:35:24.0636 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/08/02 20:35:24.0667 ================================================================================
2010/08/02 20:35:24.0667 Scan finished
2010/08/02 20:35:24.0667 ================================================================================
2010/08/02 20:35:24.0683 Detected object count: 1
2010/08/02 20:36:03.0988 viaagp (5f2f91145249e04e9151d8d45e63251a) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/08/02 20:36:03.0988 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\viaagp.sys. Real md5: 5f2f91145249e04e9151d8d45e63251a, Fake md5: 754292ce5848b3738281b4f3607eaef4
2010/08/02 20:36:05.0864 Backup copy found, using it..
2010/08/02 20:36:05.0911 C:\WINDOWS\system32\DRIVERS\viaagp.sys - will be cured after reboot
2010/08/02 20:36:05.0911 Rootkit.Win32.TDSS.tdl3(viaagp) - User select action: Cure
2010/08/02 20:36:12.0209 Deinitialize success
Hi again,
Open notepad and copy/paste the text in the quotebox below into it:
Folder::
c:\documents and settings\Ranga Narayanan\Local Settings\Application Data\xirgimrqv
c:\documents and settings\NetworkService\Application Data\8tfujmvf
c:\documents and settings\Ranga Narayanan\Local Settings\Application Data\bsbmafnri
Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
"BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,00,00
DDS::
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5643
Save this as
CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...
Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6 Update 21 (http://java.sun.com/javase/downloads/index.jsp).
Click the
Download
button to the right.
Select Windows on platform combobox and check the box that says:
Accept License Agreement. Click continue.
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u21-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.
Also, I recommend to uninstall Secunia PSI (RC4) and get the final version here (http://secunia.com/vulnerability_scanning/personal/).
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.
Double-click ATF Cleaner.exe to open it
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).
Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log. Issues left?
Hi,
Sorry for the delay in responding. I did everything you recommended. My system seems to be running fine and I am not seeing any popups or redirects. Here are the log files you requested:
ComboFix log:
ComboFix 10-08-03.02 - Ranga Narayanan 08/03/2010 21:29:54.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.591 [GMT -4:00]
Running from: c:\documents and settings\Ranga Narayanan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ranga Narayanan\Desktop\CFScript.txt
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\NetworkService\Application Data\8tfujmvf
c:\documents and settings\Ranga Narayanan\Local Settings\Application Data\bsbmafnri
c:\documents and settings\Ranga Narayanan\Local Settings\Application Data\xirgimrqv
.
((((((((((((((((((((((((( Files Created from 2010-07-04 to 2010-08-04 )))))))))))))))))))))))))))))))
.
2010-08-03 00:19 . 2010-08-03 00:19 -------- d-----w- c:\windows\CD95F661A5C444F5A6AAECDD91C240BD.TMP
2010-08-03 00:14 . 2010-08-03 00:34 -------- d-----w- C:\tdsskiller
2010-07-25 18:32 . 2010-07-25 18:33 -------- d-----w- c:\program files\ERUNT
2010-07-21 00:09 . 2010-07-21 02:44 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-19 05:10 . 2010-08-01 19:17 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-19 00:02 . 2010-07-19 00:02 -------- d-----w- c:\program files\Common Files\Motive
2010-07-18 21:24 . 2010-07-18 21:24 -------- d-----w- c:\documents and settings\Revathi Subramony\Application Data\Malwarebytes
2010-07-16 01:31 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-04 01:23 . 2010-02-06 00:07 -------- d-----w- c:\documents and settings\Ranga Narayanan\Application Data\HPAppData
2010-08-03 00:37 . 2005-08-17 02:21 42240 ----a-w- c:\windows\system32\drivers\viaagp.sys
2010-08-03 00:32 . 2008-11-15 00:37 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-08-01 18:10 . 2010-02-09 15:18 -------- d-----w- c:\documents and settings\Revathi Subramony\Application Data\HPAppData
2010-07-30 23:28 . 2010-05-03 01:01 -------- d-----w- c:\documents and settings\Ranga Narayanan\Application Data\HpUpdate
2010-07-21 02:13 . 2008-11-17 02:09 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-21 00:09 . 2010-07-21 00:09 0 ----a-w- c:\documents and settings\NetworkService\Application Data\dsktop.dat
2010-07-19 00:09 . 2008-11-17 02:08 -------- d-----w- c:\program files\SpywareBlaster
2010-06-14 14:31 . 2005-08-16 09:40 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-06 16:22 . 2008-11-15 01:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-05 09:22 . 2008-08-15 01:04 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-23 21:19 . 2010-05-23 21:19 4710 ----a-r- c:\documents and settings\Ranga Narayanan\Application Data\Microsoft\Installer\{DF6DA606-904D-4C18-823F-A4CFC3035E53}\ext.exe
2010-05-06 10:41 . 2005-08-16 09:18 916480 ----a-w- c:\windows\system32\wininet.dll
2009-01-31 22:05 . 2006-07-04 15:55 104 --sh--r- c:\windows\system32\94DC51B365.sys
2009-01-31 22:05 . 2006-07-04 15:55 6686 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-08-01_19.42.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-04 01:17 . 2010-08-04 01:17 16384 c:\windows\temp\Perflib_Perfdata_668.dat
+ 2005-08-16 09:18 . 2010-07-27 06:30 8462336 c:\windows\system32\shell32.dll
+ 2008-06-17 19:02 . 2010-07-27 06:30 8462336 c:\windows\system32\dllcache\shell32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 68856]
"eFax 4.4"="c:\program files\eFax Messenger 4.4\J2GDllCmd.exe" [2008-10-07 95744]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-24 142120]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
c:\documents and settings\Revathi Subramony\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\my documents\HOTSYNC.EXE [2003-9-25 299008]
c:\documents and settings\Ranga Narayanan\Start Menu\Programs\Startup\
eFax 4.4.lnk - c:\program files\eFax Messenger 4.4\J2GTray.exe [2008-10-7 656896]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
DataViz Messenger.lnk - c:\windows\DvzCommon\DvzMsgr.exe [2003-7-1 24576]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-6-14 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check 2.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk
backup=c:\windows\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Ranga Narayanan^Start Menu^Programs^Startup^Secunia PSI (RC4).lnk]
path=c:\documents and settings\Ranga Narayanan\Start Menu\Programs\Startup\Secunia PSI (RC4).lnk
backup=c:\windows\pss\Secunia PSI (RC4).lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 08:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2006-06-14 17:11 169472 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ink Monitor]
2001-10-16 18:10 258118 ------w- c:\program files\EPSON\Ink Monitor\InkMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
2001-07-25 14:00 241714 ----a-w- c:\program files\Microsoft Money\System\Activation.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-06-30 02:17 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\My Documents\\HOTSYNC.EXE"=
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/9/2010 10:24 PM 135664]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [10/27/2008 4:04 AM 7808]
S3 Radialpoint Security Services;Radialpoint Security Services;c:\windows\system32\dllhost.exe [8/16/2005 5:18 AM 5120]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2010-06-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
2010-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 02:24]
2010-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: turbotax.com
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-klmdb.sys
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-03 21:34
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3108)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-08-03 21:37:42
ComboFix-quarantined-files.txt 2010-08-04 01:37
ComboFix2.txt 2008-11-15 01:14
Pre-Run: 71,124,975,616 bytes free
Post-Run: 71,113,506,816 bytes free
- - End Of File - - 0523F1CAFABF80351608C0BC48FAE815
Here is the report after running the Kaspersky scanner:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, August 4, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, August 04, 2010 02:28:08
Records in database: 4146697
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
Scan statistics:
Objects scanned: 90413
Threats found: 8
Infected objects found: 13
Suspicious objects found: 0
Scan duration: 03:07:48
File name / Threat / Threats count
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\3\4e84bf83-5bba8c8c Infected: Trojan-Downloader.Java.Agent.fx 1
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\3\4e84bf83-5bba8c8c Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\3\4e84bf83-5bba8c8c Infected: Trojan-Downloader.Java.Agent.fy 1
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\41\56bcbf29-6a2c8544 Infected: Trojan-Downloader.Java.Agent.ft 1
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\41\56bcbf29-6a2c8544 Infected: Trojan-Downloader.Java.Agent.fu 1
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\41\56bcbf29-6a2c8544 Infected: Trojan-Downloader.Java.Agent.fv 1
C:\Documents and Settings\Ranga Narayanan\Application Data\Sun\Java\Deployment\cache\6.0\2\4d1db782-5e72dac5 Infected: Trojan-Downloader.Java.Agent.bu 2
C:\Documents and Settings\Ranga Narayanan\Application Data\Sun\Java\Deployment\cache\6.0\40\8dc4ee8-30267529 Infected: Exploit.Java.Agent.a 1
C:\Documents and Settings\Ranga Narayanan\Application Data\Sun\Java\Deployment\cache\6.0\40\8dc4ee8-30267529 Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\Revathi Subramony\Application Data\Sun\Java\Deployment\cache\6.0\41\17212269-626633d5 Infected: Trojan-Downloader.Java.Agent.ft 1
C:\Documents and Settings\Revathi Subramony\Application Data\Sun\Java\Deployment\cache\6.0\41\17212269-626633d5 Infected: Trojan-Downloader.Java.Agent.fu 1
C:\Documents and Settings\Revathi Subramony\Application Data\Sun\Java\Deployment\cache\6.0\41\17212269-626633d5 Infected: Trojan-Downloader.Java.Agent.fv 1
Selected area has been scanned.
Finally, here are the DDS logs:
DDS (Ver_10-03-17.01) - NTFSx86
Run by Ranga Narayanan at 18:22:10.37 on Wed 08/04/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.566 [GMT -4:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\eFax Messenger 4.4\J2GTray.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Documents and Settings\Ranga Narayanan\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [eFax 4.4] "c:\program files\efax messenger 4.4\J2GDllCmd.exe" /R
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\rangan~1\startm~1\programs\startup\efax44~1.lnk - c:\program files\efax messenger 4.4\J2GTray.exe
StartupFolder: c:\docume~1\rangan~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\datavi~1.lnk - c:\windows\dvzcommon\DvzMsgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {301DA1EE-F65C-4188-A417-9E915CC8FBFA} - c:\program files\microsoft money\system\mnyviewer.dll
Trusted Zone: turbotax.com
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-IN/a-UNO1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Notify: igfxcui - igfxdev.dll
============= SERVICES / DRIVERS ===============
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-7-7 14904]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-9 135664]
S3 Radialpoint Security Services;Radialpoint Security Services;c:\windows\system32\dllhost.exe [2005-8-16 5120]
=============== Created Last 30 ================
2010-08-04 02:39:55 0 d-----w- c:\program files\iPod
2010-08-04 02:39:48 0 d-----w- c:\program files\iTunes
2010-08-04 02:29:37 0 d-----w- c:\program files\Bonjour
2010-08-04 02:03:23 0 d-----w- c:\program files\Secunia
2010-08-04 02:00:32 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-08-04 02:00:31 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-03 00:19:48 0 d-----w- c:\windows\CD95F661A5C444F5A6AAECDD91C240BD.TMP
2010-08-03 00:14:03 0 d-----w- C:\tdsskiller
2010-08-01 19:14:07 98816 ----a-w- c:\windows\sed.exe
2010-08-01 19:14:07 77312 ----a-w- c:\windows\MBR.exe
2010-08-01 19:14:07 256512 ----a-w- c:\windows\PEV.exe
2010-08-01 19:14:07 161792 ----a-w- c:\windows\SWREG.exe
2010-07-19 05:10:31 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-19 00:02:45 0 d-----w- c:\program files\common files\Motive
2010-07-16 01:31:34 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-07 14:05:32 14904 ----a-w- c:\windows\system32\drivers\psi_mf.sys
==================== Find3M ====================
2010-08-03 00:37:05 42240 ----a-w- c:\windows\system32\drivers\viaagp.sys
2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
2010-05-18 20:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2009-01-31 22:05:27 104 --sh--r- c:\windows\system32\94DC51B365.sys
2009-01-31 22:05:29 6686 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-10-26 18:42:14 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102620081027\index.dat
2008-11-17 03:37:26 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008111620081117\index.dat
2010-05-01 14:54:51 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat
============= FINISH: 18:23:14.60 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/14/2006 8:59:19 PM
System Uptime: 8/4/2010 6:10:26 PM (0 hours ago)
Motherboard: Dell Inc. | | 0JC474
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2792/800mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 107 GiB total, 65.251 GiB free.
D: is FIXED (NTFS) - 37 GiB total, 37.165 GiB free.
E: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Officejet 6000 E609n
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet 6000 E609n
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
Class GUID: {4D36E979-E325-11CE-BFC1-08002BE10318}
Description: Officejet 6000 E609n
Device ID: ROOT\PRINTER\0000
Manufacturer: HP
Name: Officejet 6000 E609n
PNP Device ID: ROOT\PRINTER\0000
Service:
==== System Restore Points ===================
RP449: 5/6/2010 4:06:49 PM - System Checkpoint
RP450: 5/7/2010 4:54:54 PM - System Checkpoint
RP451: 5/8/2010 5:08:55 PM - System Checkpoint
RP452: 5/9/2010 6:21:32 PM - System Checkpoint
RP453: 5/11/2010 9:50:06 AM - System Checkpoint
RP454: 5/12/2010 2:52:55 PM - System Checkpoint
RP455: 5/12/2010 9:42:37 PM - Software Distribution Service 3.0
RP456: 5/15/2010 12:41:22 PM - System Checkpoint
RP457: 5/16/2010 12:57:55 PM - System Checkpoint
RP458: 5/18/2010 10:33:43 AM - System Checkpoint
RP459: 5/19/2010 4:50:36 PM - System Checkpoint
RP460: 5/20/2010 5:21:20 PM - System Checkpoint
RP461: 5/21/2010 8:55:47 PM - System Checkpoint
RP462: 5/22/2010 9:11:03 PM - System Checkpoint
RP463: 5/23/2010 5:19:22 PM - Installed eFax Messenger
RP464: 5/24/2010 6:12:06 PM - System Checkpoint
RP465: 5/25/2010 7:07:57 PM - System Checkpoint
RP466: 5/25/2010 10:53:46 PM - Software Distribution Service 3.0
RP467: 5/27/2010 8:10:49 PM - System Checkpoint
RP468: 5/28/2010 8:29:00 PM - System Checkpoint
RP469: 5/30/2010 8:37:16 AM - System Checkpoint
RP470: 5/31/2010 9:05:28 AM - System Checkpoint
RP471: 6/1/2010 9:16:46 AM - System Checkpoint
RP472: 6/2/2010 2:26:12 PM - System Checkpoint
RP473: 6/3/2010 2:29:00 PM - System Checkpoint
RP474: 6/4/2010 4:05:29 PM - System Checkpoint
RP475: 6/4/2010 10:40:00 PM - Software Distribution Service 3.0
RP476: 6/5/2010 11:26:08 PM - System Checkpoint
RP477: 6/6/2010 11:31:54 PM - System Checkpoint
RP478: 6/8/2010 4:08:53 PM - System Checkpoint
RP479: 6/9/2010 5:31:26 PM - System Checkpoint
RP480: 6/10/2010 11:15:05 PM - Software Distribution Service 3.0
RP481: 6/12/2010 1:20:19 PM - System Checkpoint
RP482: 6/13/2010 3:41:24 PM - System Checkpoint
RP483: 6/16/2010 10:00:32 AM - System Checkpoint
RP484: 6/18/2010 1:37:12 PM - System Checkpoint
RP485: 7/11/2010 9:50:36 PM - Software Distribution Service 3.0
RP486: 7/15/2010 9:58:29 PM - Software Distribution Service 3.0
RP487: 7/17/2010 4:24:39 PM - System Checkpoint
RP488: 7/18/2010 9:14:20 PM - System Checkpoint
RP489: 7/20/2010 7:25:27 PM - System Checkpoint
RP490: 7/25/2010 3:32:20 PM - System Checkpoint
RP491: 7/31/2010 7:53:45 AM - System Checkpoint
RP492: 8/1/2010 5:52:05 PM - System Checkpoint
RP493: 8/2/2010 8:49:56 PM - Software Distribution Service 3.0
RP494: 8/3/2010 9:51:12 PM - Removed Java(TM) 6 Update 11
RP495: 8/3/2010 10:00:12 PM - Installed Java(TM) 6 Update 21
RP496: 8/3/2010 10:29:55 PM - Installed Safari
RP497: 8/3/2010 10:30:21 PM - Removed Safari
RP498: 8/3/2010 10:31:31 PM - Removed Skype™ 3.8
RP499: 8/3/2010 10:31:43 PM - Installed Skype™ 4.2
RP500: 8/3/2010 10:37:41 PM - Installed iTunes
==== Installed Programs ======================
32 Bit HP CIO Components Installer
6000E609_eDocs
6000E609_Help
6000E609n
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.3
Adobe Shockwave Player 11.5
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Applet_App
Applet_Copy
Applet_Creativity
Applet_Email
Applet_Epp
Applet_File
Applet_OCR
Applet_Web
ArcSoft PhotoImpression 3.0
Authentium AntiVirus SDK - 2
Bonjour
BPDSoftware
BPDSoftware_Ini
BufferChm
Canon Camera Access Library
Canon Camera Support Core Library
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Citrix Presentation Server Client - Web Only
Compatibility Pack for the 2007 Office system
CompuChess 2004
Conexant D850 56K V.9x DFVc Modem
Copy Utility
Corel Paint Shop Pro X
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
DellSupport
DeviceDiscovery
Digital Content Portal
Digital Line Detect
Disney's ReadingQuest
Documents To Go
Dreamship Tales
eFax Messenger
ELIcon
EPSON Photo Print
EPSON Printer Software
EPSON Smart Panel
EPSON TWAIN 5
ERUNT 1.1j
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 12.0
HP Imaging Device Functions 12.0
HP Officejet 6000 E609 Series
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
HPProductAssistant
HPSSupply
Ink Monitor
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
iTunes
Java Auto Updater
Java(TM) 6 Update 21
JumpStart Phonics
JumpStart Phonics Read and Rhyme
Learn2 Player (Uninstall Only)
LEGO My Style Preschool
Magic 3D Coloring Book Cool Critters
Malwarebytes' Anti-Malware
MarketResearch
MCU
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Mirar
MobileMe Control Panel
Modem Helper
Move Networks Media Player for Internet Explorer
MSN
MSVCSetup
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetWaiting
Network
Otto
Palm Desktop
Palm VersaMail(tm)
PPSDKRedistributables
ProductContext
QuickTime
Radialpoint Security Services
Reader Rabbit 1st Grade
Reader Rabbit Personalized Preschool
Reader Rabbit Reading Ages 4-6
Reader Rabbit Toddler
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
SA21xx Device Manager
Safari
Search Assist
Secunia PSI
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Shop for HP Supplies
Skype™ 4.2
SmartWebPrinting
SolutionCenter
Sonic Activation Module
Sonic Encoders
Sonic Update Manager
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Status
The ClueFinders Reading Adventures Ages 9-12
Toolbox
TrayApp
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
Verizon Broadband Toolbar (IE only)
Verizon Help and Support Tool
Verizon PC Security Checkup
Verizon Servicepoint 1.5.22
Vz In Home Agent
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB908250
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinZip 14.5
Yahoo! Toolbar
==== Event Viewer Messages From Past Week ========
8/2/2010 8:37:35 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
8/1/2010 3:25:34 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
8/1/2010 3:25:34 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
8/1/2010 2:59:33 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
==== End Of File ===========================
Hi,
Show hidden files
-----------------
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.
Delete these files if found:
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\3\4e84bf83-5bba8c8c
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\41\56bcbf29-6a2c8544
C:\Documents and Settings\Ranga Narayanan\Application Data\Sun\Java\Deployment\cache\6.0\2\4d1db782-5e72dac5
C:\Documents and Settings\Ranga Narayanan\Application Data\Sun\Java\Deployment\cache\6.0\40\8dc4ee8-30267529
C:\Documents and Settings\Revathi Subramony\Application Data\Sun\Java\Deployment\cache\6.0\41\17212269-626633d5
Are you still noticing any problems? If not, it's time to secure your system to prevent against further intrusions.
THESE STEPS ARE VERY IMPORTANT
Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Reboot.
3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE,NOT on a regular basis
We need to re hide system files. To do so, please follow the steps below:
Double-click My Computer. Click the Tools menu, and then click Folder Options. Click the View tab.
Put a check by
Hide file extensions for known file types.
Under the
Hidden files
folder, select
Show hidden files and folders.
Check
Hide protected operating system files.
Click Apply, and then click OK.
Now lets uninstall ComboFix:
Click START then RUN
Now copy-paste Combofix /uninstall in the runbox and click OK
Please download OTC (http://oldtimer.geekstogo.com/OTC.exe) and save it to desktop.
Double-click OTC.exe.
Click the CleanUp! button.
Select Yes when the
Begin cleanup Process?
prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
UPDATING WINDOWS AND INTERNET EXPLORER
IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site (http://windowsupdate.microsoft.com/) to get the critical updates.
If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.
Make your Internet Explorer more secure
This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.
hosts file:
Every version of windows has a hosts file as part of them. In a very basic sense, they are used to locate webpages. We can customize a hosts file so that it blocks certain webpages. However, it can slow down certain computers. This is why using a hosts file is optional!!
Download it here (http://www.mvps.org/winhelp2002/hosts.htm). Make sure you read the instructions on how to install the hosts file. There is a good tutorial here (http://www.bleepingcomputer.com/forums/tutorial51.html)
If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
Click the start button (at the lower left hand corner of your screen) Click run In the dialog box, type services.msc hit enter, then locate dns client Highlight it, then double-click it. On the dropdown box, change the setting from automatic to manual. Click ok
Get Anti Virus Software and keep it updated - Most AVs will update automatically, but if not I would recommend making updating the AV the first job every time the PC is connected to the internet. An AV that is using defs that are seven days old is not going to be much protection. If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out. Good free antivirus programs are:
Antivir (http://free-av.com/en/download/1/download_avira_antivir_personal__free_antivirus.html)
Avast! (http://www.avast.com/eng/download-avast-home.html)
Good commercial ones are from:
Kaspersky (http://www.kaspersky.com/homeuser) and
ESET (http://www.eset.com/products/index.php)
Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For more info, check this (http://www.bleepingcomputer.com/forums/tutorial60.html) webpage out.
If you don't have a 3rd party firewall or a router behind NAT then I recommend getting one. I recommend either Online Armor Free (http://www.tallemu.com/free-firewall-protection-software.html) or Comodo Firewall Pro (http://www.personalfirewall.comodo.com/download_firewall.html#fw3.0) (If you choose Comodo: Uncheck during installation Install Comodo HopSurf.., Make Comodo my default search provider and Make Comodo Search my homepage and install firewall ONLY!). Both providers have support forums that help with configuration related questions.
Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Once again, please post and tell me how things are going with your system... problems etc.
Have a great day,
Blade :cool:
Hi,
Thank you for all your invaluable help. It looks like my computer is working well. I am not detecting any problems or performance issues. I followed all of the instructions in your last post. I have a few questions:
Is my computer clean now?
Was my infection of the sort associated with ID theft since I don;t know when I got infected and may have conducted online financial transactions?
Should I go ahead and re-enable Spybot's Teatimer feature now?
When I installed and ran Avira Anitvir and did a full scan, it showed some infected/suspicious files - any cause for concern and should I so anything about it? I have attached the scan report below:
Thank you once again.
Avira AntiVir Personal
Report file date: Thursday, August 05, 2010 22:17
Scanning for 2680386 virus strains and unwanted programs.
The program is running as an unrestricted full version.
Online services are available:
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : STUDYCOMPUTER
Version information:
BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 17:37:38
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 17:57:04
LUKE.DLL : 10.0.2.3 104296 Bytes 3/7/2010 23:33:04
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 04:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 14:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 00:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 22:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 21:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 16:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 02:13:04
VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 02:13:07
VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 02:13:14
VBASE008.VDF : 7.10.9.166 2048 Bytes 7/23/2010 02:13:14
VBASE009.VDF : 7.10.9.167 2048 Bytes 7/23/2010 02:13:14
VBASE010.VDF : 7.10.9.168 2048 Bytes 7/23/2010 02:13:14
VBASE011.VDF : 7.10.9.169 2048 Bytes 7/23/2010 02:13:15
VBASE012.VDF : 7.10.9.170 2048 Bytes 7/23/2010 02:13:15
VBASE013.VDF : 7.10.9.198 157696 Bytes 7/26/2010 02:13:16
VBASE014.VDF : 7.10.9.255 997888 Bytes 7/29/2010 02:13:17
VBASE015.VDF : 7.10.10.28 139264 Bytes 8/2/2010 02:13:18
VBASE016.VDF : 7.10.10.52 127488 Bytes 8/3/2010 02:13:18
VBASE017.VDF : 7.10.10.53 1536 Bytes 8/3/2010 02:13:18
VBASE018.VDF : 7.10.10.54 1536 Bytes 8/3/2010 02:13:19
VBASE019.VDF : 7.10.10.55 1536 Bytes 8/3/2010 02:13:19
VBASE020.VDF : 7.10.10.56 1536 Bytes 8/3/2010 02:13:19
VBASE021.VDF : 7.10.10.57 1536 Bytes 8/3/2010 02:13:19
VBASE022.VDF : 7.10.10.58 1536 Bytes 8/3/2010 02:13:19
VBASE023.VDF : 7.10.10.59 1536 Bytes 8/3/2010 02:13:19
VBASE024.VDF : 7.10.10.60 1536 Bytes 8/3/2010 02:13:19
VBASE025.VDF : 7.10.10.61 1536 Bytes 8/3/2010 02:13:20
VBASE026.VDF : 7.10.10.62 1536 Bytes 8/3/2010 02:13:20
VBASE027.VDF : 7.10.10.63 1536 Bytes 8/3/2010 02:13:20
VBASE028.VDF : 7.10.10.64 1536 Bytes 8/3/2010 02:13:20
VBASE029.VDF : 7.10.10.65 1536 Bytes 8/3/2010 02:13:20
VBASE030.VDF : 7.10.10.66 1536 Bytes 8/3/2010 02:13:20
VBASE031.VDF : 7.10.10.82 116224 Bytes 8/5/2010 02:13:21
Engineversion : 8.2.4.32
AEVDF.DLL : 8.1.2.1 106868 Bytes 8/6/2010 02:13:35
AESCRIPT.DLL : 8.1.3.42 1364347 Bytes 8/6/2010 02:13:34
AESCN.DLL : 8.1.6.1 127347 Bytes 8/6/2010 02:13:32
AESBX.DLL : 8.1.3.1 254324 Bytes 8/6/2010 02:13:35
AERDL.DLL : 8.1.8.2 614772 Bytes 8/6/2010 02:13:32
AEPACK.DLL : 8.2.3.3 471414 Bytes 8/6/2010 02:13:30
AEOFFICE.DLL : 8.1.1.8 201081 Bytes 8/6/2010 02:13:29
AEHEUR.DLL : 8.1.2.10 2830711 Bytes 8/6/2010 02:13:28
AEHELP.DLL : 8.1.13.2 242039 Bytes 8/6/2010 02:13:24
AEGEN.DLL : 8.1.3.18 393589 Bytes 8/6/2010 02:13:24
AEEMU.DLL : 8.1.2.0 393588 Bytes 8/6/2010 02:13:23
AECORE.DLL : 8.1.16.2 192887 Bytes 8/6/2010 02:13:22
AEBB.DLL : 8.1.1.0 53618 Bytes 8/6/2010 02:13:22
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 17:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 17:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 21:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 4/1/2010 17:35:46
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/1/2010 17:39:51
AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 17:22:13
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 14:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 17:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 20:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 19:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 18:10:20
RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/9/2010 19:14:29
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Start of the scan: Thursday, August 05, 2010 22:17
Starting search for hidden objects.
HKEY_USERS\S-1-5-21-3067858452-4179800265-409904301-1005\Software\Microsoft\Internet Explorer\Main\window_placement
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc\Config\Standalone\drivelist
[NOTE] The registry entry is invisible.
The scan of running processes will be started
Scan process 'msdtc.exe' - '42' Module(s) have been scanned
Scan process 'dllhost.exe' - '63' Module(s) have been scanned
Scan process 'dllhost.exe' - '47' Module(s) have been scanned
Scan process 'vssvc.exe' - '50' Module(s) have been scanned
Scan process 'avscan.exe' - '72' Module(s) have been scanned
Scan process 'avcenter.exe' - '63' Module(s) have been scanned
Scan process 'avgnt.exe' - '53' Module(s) have been scanned
Scan process 'sched.exe' - '56' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'avguard.exe' - '56' Module(s) have been scanned
Scan process 'McciBrowser.exe' - '56' Module(s) have been scanned
Scan process 'hpqgpc01.exe' - '41' Module(s) have been scanned
Scan process 'hpqbam08.exe' - '30' Module(s) have been scanned
Scan process 'hpqSTE08.exe' - '54' Module(s) have been scanned
Scan process 'alg.exe' - '35' Module(s) have been scanned
Scan process 'iPodService.exe' - '30' Module(s) have been scanned
Scan process 'CALMAIN.exe' - '27' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '29' Module(s) have been scanned
Scan process 'svchost.exe' - '89' Module(s) have been scanned
Scan process 'svchost.exe' - '41' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'svchost.exe' - '35' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'McciCMService.exe' - '27' Module(s) have been scanned
Scan process 'jqs.exe' - '33' Module(s) have been scanned
Scan process 'svchost.exe' - '82' Module(s) have been scanned
Scan process 'svchost.exe' - '46' Module(s) have been scanned
Scan process 'SAgent2.exe' - '24' Module(s) have been scanned
Scan process 'dvpapi.exe' - '23' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '33' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '29' Module(s) have been scanned
Scan process 'psi.exe' - '88' Module(s) have been scanned
Scan process 'J2GTray.exe' - '64' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '56' Module(s) have been scanned
Scan process 'DLG.exe' - '23' Module(s) have been scanned
Scan process 'DvzMsgr.exe' - '22' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '58' Module(s) have been scanned
Scan process 'ctfmon.exe' - '27' Module(s) have been scanned
Scan process 'J2GDllCmd.exe' - '21' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '72' Module(s) have been scanned
Scan process 'jusched.exe' - '21' Module(s) have been scanned
Scan process 'McciTrayApp.exe' - '28' Module(s) have been scanned
Scan process 'DLACTRLW.EXE' - '30' Module(s) have been scanned
Scan process 'igfxpers.exe' - '23' Module(s) have been scanned
Scan process 'hkcmd.exe' - '22' Module(s) have been scanned
Scan process 'ehtray.exe' - '37' Module(s) have been scanned
Scan process 'Explorer.EXE' - '104' Module(s) have been scanned
Scan process 'spoolsv.exe' - '70' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'svchost.exe' - '161' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'svchost.exe' - '56' Module(s) have been scanned
Scan process 'lsass.exe' - '60' Module(s) have been scanned
Scan process 'services.exe' - '36' Module(s) have been scanned
Scan process 'winlogon.exe' - '68' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan executable files (registry).
The registry was scanned ( '1770' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudDefenseCenter7.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudSysguard2.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinFraudLoadpc2.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\44\34db286c-4aff2185
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/ClassLoader.AO Java virus
--> Is.class
[DETECTION] Contains recognition pattern of the JAVA/ClassLoader.AO Java virus
--> MyName.class
[DETECTION] Contains recognition pattern of the JAVA/ClassLoader.AN Java virus
--> Phone.class
[DETECTION] Contains recognition pattern of the JAVA/ClassLoader.AP Java virus
Begin scan in 'D:\' <Backup>
Beginning disinfection:
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\44\34db286c-4aff2185
[DETECTION] Contains recognition pattern of the JAVA/ClassLoader.AP Java virus
[NOTE] The file was moved to the quarantine directory under the name '47e57c74.qua'.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinFraudLoadpc2.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to the quarantine directory under the name '5f045228.qua'.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudSysguard2.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to the quarantine directory under the name '0d2e08f9.qua'.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudDefenseCenter7.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to the quarantine directory under the name '6b19473b.qua'.
End of the scan: Friday, August 06, 2010 05:41
Used time: 56:37 Minute(s)
The scan has been done completely.
13683 Scanned directories
366991 Files were scanned
3 Viruses and/or unwanted programs were found
3 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
4 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
366985 Files not concerned
4277 Archives were scanned
0 Warnings
4 Notes
640692 Objects were scanned with rootkit scan
2 Hidden objects were found
Hi,
Is my computer clean now?
It looks pretty good. If no issues left then I'd say it's clean.
Was my infection of the sort associated with ID theft since I don;t know when I got infected and may have conducted online financial transactions?
This was more search results affecting issue but changing online passwords wouldn't do any harm.
Should I go ahead and re-enable Spybot's Teatimer feature now?
You may do so now if you want to use the feature.
When I installed and ran Avira Anitvir and did a full scan, it showed some infected/suspicious files - any cause for concern and should I so anything about it?
Seems that all those findings wre removed properly. I don't see any need for further action there.
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)
Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.
If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.